#DESC ddcprobe - output ddcprobe results from kudzu
#
# Author: dan walsh <dwalsh@redhat.com>
#
# Process domain for ddcprobe, declared with the domain and privmem attributes.
# NOTE(review): privmem presumably marks the domains that the policy's
# assertions allow to touch raw memory devices - confirm against the
# attribute and assertion definitions, which are not part of this file.
type ddcprobe_t, domain, privmem;
type ddcprobe_exec_t, file_type, exec_type, sysadmfile;
# Allow execution by the sysadm
role sysadm_r types ddcprobe_t;
# system_r is authorized for ddcprobe_t as well. NOTE(review): the only
# transition into the domain visible here starts from sysadm_t - confirm
# which system_r domain is expected to enter it.
role system_r types ddcprobe_t;
domain_auto_trans(sysadm_t, ddcprobe_exec_t, ddcprobe_t)
uses_shlib(ddcprobe_t)
# Allow terminal access
access_terminal(ddcprobe_t, sysadm)
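# Allow ddcprobe to read /dev/mem. The rules below grant more than read:
# write and execute on memory_device_t, execmem on the process itself,
# and execute on zero_device_t. Combined with the sys_rawio capability
# granted further down, the domain gets read/write access to the memory
# devices, so what is allowed to enter ddcprobe_t matters as much as
# these rules.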
allow ddcprobe_t memory_device_t:chr_file read;
allow ddcprobe_t memory_device_t:chr_file { execute write };
allow ddcprobe_t self:process execmem;
allow ddcprobe_t zero_device_t:chr_file { execute read };
allow ddcprobe_t proc_t:dir search;
allow ddcprobe_t proc_t:file { getattr read };
# Let ddcprobe run programs labelled sbin_t.
# NOTE(review): can_exec presumably executes them without a domain
# transition, so such programs would run with every grant in this file -
# confirm against the macro definition.
can_exec(ddcprobe_t, sbin_t)
allow ddcprobe_t user_tty_type:chr_file rw_file_perms;
allow ddcprobe_t userdomain:fd use;
read_sysctl(ddcprobe_t)
allow ddcprobe_t urandom_device_t:chr_file { getattr read };
allow ddcprobe_t { bin_t sbin_t }:dir r_dir_perms;
# Grants CAP_SYS_RAWIO and CAP_SYS_ADMIN to the domain.
# sys_rawio goes with the memory_device_t access granted in this file.
# NOTE(review): nothing visible here states what needs sys_admin; it may be
# tied to the kernel_t:system syslog_console rule at the end of the file.
# Confirm it is still required, since sys_admin is a very broad capability.
allow ddcprobe_t self:capability { sys_rawio sys_admin };
allow ddcprobe_t { etc_t etc_runtime_t }:file { getattr read };
allow ddcprobe_t kudzu_exec_t:file getattr;
allow ddcprobe_t lib_t:file { getattr read };
read_locale(ddcprobe_t)
allow ddcprobe_t modules_object_t:dir search;
allow ddcprobe_t modules_dep_t:file { getattr read };
allow ddcprobe_t usr_t:file { getattr read };
# Grants the syslog_console permission of the system class on kernel_t,
# i.e. control over kernel console logging.
# NOTE(review): not obviously related to reading DDC data - confirm why the
# tool needs it before carrying this rule forward.
allow ddcprobe_t kernel_t:system syslog_console;